Salt States by Example | Part 2 | Install Nginx using Saltstack

By: rahul On: Sat 30 September 2017
In: Devops
Tags: #devops #configuration-management #linux #saltstack

Greetings Wanderer!

Before we proceed, please make sure that you've checked out the links listed below:

> Saltstack By Example | Part 1 | Installation
> Saltstack By Example | Part 2 | Configuration
> Saltstack By Example | Part 3 | Basic Commands
> Saltstack By Example | Part 4 | Salt State Examples

> Salt States by Example | Part 1 | Install a Salt Minion on CentOS or Debian
>> Salt States by Example | Part 2 | Install Nginx using Saltstack (<== We are here)

Prerequisites
  • A Salt Master
  • A Salt Minion that runs a Debian minimal install or a CentOS minimal install - the installation is outlined in Part 1
Build the Salt state files

To begin with, this is what our directory structure looks like:

.
|-- common
|-- nginx
|   `-- repofiles
|-- mysql
|-- php
|   `-- files
|-- wordpress
|   `-- files
|-- wpcli
|   `-- files
`-- wp_user
    `-- files
        |-- templates
        `-- wptest
            |-- logs
            `-- public_html

1. Common Packages

First, we'll install a bunch of commonly required software. Create a file called packages.sls(common/packages.sls) and add the following code:

common_deps:
  pkg.installed:
    - pkgs:
      - wget
      - firewalld
      - unzip
      - curl
      - tree
      - systemd

Documentation: pkg.installed

2. Nginx Installation

2a. Next, we'll install Nginx. In order to get started, let's add the repo files to the destination. Create a file called repo.sls(nginx/repo.sls) and the following code:

{% from "wordpresser/nginx/map.jinja" import nginx %}

nginx-repo:
  file.managed:
    - makedirs: True
{% if grains['os_family'] == 'Debian' %}
    - name: /etc/apt/sources.list.d/nginx.list
    - source: salt://wordpresser/nginx/repofiles/nginx.list
{% elif grains['os_family'] == 'RedHat' %}
    - name: /etc/yum.repos.d/nginx.repo
    - source: salt://wordpresser/nginx/repofiles/nginx.repo
{% endif %}

In essence, we're copying the repo files, based on the OS, to the minions. These are the repo files:
nginx/repofiles/nginx.list

deb http://nginx.org/packages/debian jessie nginx

nginx/repofiles/nginx.repo

[nginx]
name=Official Nginx Repository
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

2b. The map.jinja file is where we can declare OS-specific variables, so we'll create one here (nginx/map.jinja) and add the following code:

{% set nginx = salt['grains.filter_by']({
    'Debian': {
        'package': 'nginx',
        'service': 'nginx',
        'user': 'www-data',
        'group': 'www-data',
        'configfile': '/etc/nginx/nginx.conf',

        'logdir': '/var/log/nginx',
        'wwwdir': '/var/www',
    },

    'RedHat': {
        'package': 'nginx',
        'service': 'nginx',
        'user': 'nginx',
        'group': 'nginx',
        'configfile': '/etc/nginx/nginx.conf',

        'logdir': '/var/log/nginx',
        'wwwdir': '/var/www',
    },

}) %}

2c. Now that the repo files have been copied, let's install Nginx. Create a file called packages.sls(nginx/packages.sls) and add the following code:

{% from "wordpresser/nginx/map.jinja" import nginx %}

install_nginx:
  pkg.installed:
    - name: {{ nginx.package }}
    - force_yes: True
  group.present:
    - name: {{ nginx.group }}
    - system: True
  user.present:
    - name: {{ nginx.user }}
    - gid: {{ nginx.group }}
    - system: True

reload-nginx:
  service.running:
    - name: {{ nginx.service }}
    - enable: True
    - reload: True
    - watch:
      - module: nginx-config-test

nginx-config-test:
  module.wait:
    - name: nginx.configtest

NOTE: The variables {{ nginx.service }},{{ nginx.group }},{{ nginx.user }} are imported from the map.jinja file.

2d. And lastly, open the firewall ports 80 and 443 - create a file called firewalld.sls(nginx/firewalld.sls) and add the follwing code:

open_nginx_ports:
  firewalld.present:
    - name: public
    - ports:
      - 80/tcp
      - 443/tcp
      - 22/tcp

NOTE: Here, I've made use of the firewalld package, for easu management of the firewall rules. You can use iptables or the ufw - YMMV.

Here's what the completed directory structure should look like:

nginx/
|-- firewalld.sls
|-- map.jinja
|-- packages.sls
|-- repofiles
|   |-- nginx.list
|   `-- nginx.repo
`-- repo.sls

2e. Edit the init.sls file to include the nginx state files:

$ cat init.sls
include:
  - wordpresser.common.packages
  - wordpresser.nginx.repo
  - wordpresser.nginx.packages
  - wordpresser.nginx.firewalld

2f. Run salt command - salt '*' state.apply

Once this is complete, access the minion's IP on the browser, and it should yield a default Nginx page.
In the next post, we'll discuss the steps to install MySQL and PHP using Salt.

A complete version of the code is available at this GitHub repository: Wordpresser

EOF.


If you found the article helpful, please share or cite the article, and spread the word:


For any feedback or corrections, please write in to: rahul [at] muchbits [dot] com